LinuxQuestions.org


Fatboyslim 08-01-2012 01:36 AM

DNAT issue with iptables
 
Hi guys,

I'm very much a n00b when it comes to iptables etc.

Here's my setup:

2 nics , WAN & LAN

eth0 = LAN = 192.168.10.10
eth1 = WAN = 123.123.123.123

I am trying to DNAT incoming traffic on 123.123.123.123:9180 to 192.168.10.10:80

Rule I'm using:

-A PREROUTING -i eth1 -p tcp -m tcp --dport 9180 -j DNAT --to-destination 192.168.10.10:80

where the

--dport 9180 is that of eth1

Is this correct, or what am I missing? For the life of me I cannot get this to work.

Does my HTTP server need to use my router as the default gateway?

Any help will be greatly appreciated.
I'm really just trying to get my head around iptables etc.

KinnowGrower 08-03-2012 10:16 PM

You have to add a rule to the firewall so that the NATed packets are allowed on the FORWARD chain.
Code:

iptables -A FORWARD -p tcp -i eth1 -o eth0 -d 192.168.10.10 --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT
iptables -A FORWARD -t filter -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT


goossen 08-05-2012 06:36 PM

Is ip_forward allowed?
Code:

cat /proc/sys/net/ipv4/ip_forward
Should return 1
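
Added example, not part of any post in this thread: a shell check that combines the two replies above by reading `iptables-save` output and reporting whether each DNAT rule has a matching FORWARD accept, plus a test for the `ip_forward` value. The function names and the sample ruleset are constructed for illustration, and only FORWARD rules that name the exact translated address and port are counted.

```shell
# Added example, not from the thread. Reads iptables-save text on stdin and
# reports, per nat/PREROUTING DNAT rule, whether filter/FORWARD accepts the
# translated destination. Assumption: only FORWARD rules naming that exact
# -d and --dport are counted; broader ACCEPT rules are not evaluated.
check_dnat_forward() {
    awk '
    # Value following option "opt" on the current rule line, or "".
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2) }               # "*nat", "*filter"
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && $1 == "-A" && $2 == "PREROUTING" && optval("-j") == "DNAT" {
        dnat[++n] = optval("--to-destination")
    }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" && optval("-j") == "ACCEPT" {
        d = optval("-d"); sub(/\/32$/, "", d)     # iptables-save prints /32
        allowed[d ":" optval("--dport")] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            s = (dnat[i] in allowed) ? "OK" : (policy == "ACCEPT" ? "POLICY-ACCEPT" : "MISSING")
            print s, dnat[i]
        }
    }'
}

# True when IPv4 forwarding is on (file holds 1). Path argument is for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Constructed sample: the DNAT rule from the question under a FORWARD policy
# of DROP. $1 is an optional extra filter rule to splice in.
sample_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 9180 -j DNAT --to-destination 192.168.10.10:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$1
COMMIT
EOF
}

sample_ruleset | check_dnat_forward
```

On a live router the input would come from `iptables-save | check_dnat_forward` run as root; a `POLICY-ACCEPT` result means the forward works only because the FORWARD chain accepts everything by default.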

